legitimacy of a Digital Certificate. There are two types of trust models widely used.
Implementing Trust Models
For PKI to work, the capabilities of CAs must be readily available to users. The model
that has been shown to this point is the simple trust model. However, the simple
trust model may not work as PKI implementations get bigger. Conceptually, every
computer user in the world would have a certificate. However, accomplishing this
would be extremely complex and would create enormous scaling or growth issues.
Four main types of trust models are used with PKI:
Hierarchical
Bridge
Mesh
Hybrid
PKI was designed to allow all of these trust models to be created. They can be fairly
granular from a control perspective. Granularity refers to the ability to manage
individual resources in the CA network.
In the following sections, I’ll examine each of these models. I’ll detail how each
model works and discuss its advantages and disadvantages.
Hierarchical Trust Models
1. In a hierarchical trust model—also known as a tree—a root CA at the top
provides all the information.
2. The intermediate CAs are next in the hierarchy, and they only trust
information provided by the root CA.
3. The root CA, in turn, trusts only the intermediate CAs at the level directly
beneath it in the hierarchy, and none that aren't. This arrangement allows a high
level of control at all levels of the hierarchical tree.
4. This might be the most common implementation in a large organization that
wants to extend its certificate-processing capabilities.
5. Hierarchical models allow tight control over certificate-based activities.
Figure 7.14 illustrates the hierarchical trust structure. In this situation, the
intermediate CAs trust only the CAs directly above them or below them.
6. Root CA systems can have trusts between them, and there can be trusts
between intermediate and leaf CAs.
7. A leaf CA is any CA that is at the end of a CA network or chain.
This structure allows you to be creative and efficient when you create hybrid
systems.
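As an added illustration (not code from the book), the following Go program builds the root, intermediate and leaf hierarchy just described with the standard crypto/x509 package and then asks the chain verifier the three questions the model implies. The CA names and the leaf name are invented, and the serial numbers are constructed rather than allocated the way a production CA would.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue is a hypothetical helper for this example: it signs a certificate for cn with the parent
// CA's key (a nil parent yields a self-signed root); the CA flag follows from the CertSign key usage.
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) } // error handling collapsed to panics for brevity
	tmpl := &x509.Certificate{ // constructed serial; a production CA allocates random, unique serials
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, BasicConstraintsValid: true, IsCA: usage&x509.KeyUsageCertSign != 0,
	}
	if parent == nil { // a root CA signs its own certificate
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}
// chains reports whether leaf validates up to the single trusted root through the offered intermediates.
func chains(leaf, root *x509.Certificate, intermediates ...*x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}
// HierarchyDemo builds Root A -> Intermediate A -> leaf plus an unrelated Root B; only the first check should pass.
func HierarchyDemo() (viaIntermediate, underWrongRoot, withoutIntermediate bool) {
	rootA, rootAKey := issue("Root CA A", x509.KeyUsageCertSign, nil, nil)
	interA, interAKey := issue("Intermediate CA A", x509.KeyUsageCertSign, rootA, rootAKey)
	leaf, _ := issue("leaf.example.test", x509.KeyUsageDigitalSignature, interA, interAKey)
	rootB, _ := issue("Root CA B", x509.KeyUsageCertSign, nil, nil)
	return chains(leaf, rootA, interA), chains(leaf, rootB, interA), chains(leaf, rootA)
}
func main() { fmt.Println(HierarchyDemo()) } // true false false
```

The leaf is accepted only when the verifier can walk from it through a known intermediate to a root it already trusts; present a root from a different hierarchy, or withhold the intermediate, and the very same certificate is rejected.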
Bridge Trust Models
1. In a bridge trust model, a peer-to-peer relationship exists between the root
CAs.
2. The root CAs can communicate with each other, allowing cross certification.
3. This arrangement allows a certification process to be established between
organizations or departments.
4. Each intermediate CA trusts only the CAs above and below it, but the CA
structure can be expanded without creating additional layers of CAs.
5. Additional flexibility and interoperability between organizations are the
primary advantages of a bridge model.
6. A lack of trustworthiness in any one of the root CAs can be a major disadvantage.
7. If one of the root CAs doesn't maintain tight internal security around its
certificates, a security problem can be created: an illegitimate certificate
could become available to all the users in the bridge structure and its
subordinate or intermediate CAs.
8. This model may be useful if you're dealing with a large, geographically
dispersed organization or if you have two organizations that are working
together.
9. A large, geographically dispersed organization could maintain a root CA at
each remote location; the root CAs would have their own internal hierarchy,
and users would be able to access certificates from any place in the CA
structure.
Figure 7.15 illustrates a bridged structure. In this example, the intermediate
CAs communicate only with their respective root CA.
10. All cross certification is handled between the two root CA systems.
Tunneling
1. Tunneling refers to creating a virtual dedicated connection between
two systems or networks.
2. You create the tunnel between the two ends by encapsulating the data
in a mutually agreed upon protocol for transmission.
3. In most tunnels, the data passed through the tunnel appears at the
other side as part of the network.
4. Tunneling protocols usually include data security as well as encryption.
5. Several popular standards have emerged for tunneling, with the most
popular being the Layer 2 Tunneling Protocol (L2TP).
6. Tunneling sends private data across a public network by placing
(encapsulating) that data into other packets.
7. Most tunnels are virtual private networks (VPNs). Figure 1.16 shows a
connection being made between two networks across the Internet. To
each end of the network, this appears to be a single connection.